
Broadcom Discloses Three Stored XSS Vulnerabilities in VMware Cloud Foundation Operations

By Guru Baran

12d ago · 3 min read · en · News

Summary

Broadcom disclosed three stored cross-site scripting (XSS) vulnerabilities (CVE-2026-41722, CVE-2026-41723, CVE-2026-41724) affecting VMware Cloud Foundation Operations and related products. Each flaw carries a CVSSv3 score of 8.0 (Important severity) and allows authenticated attackers to inject malicious scripts and perform administrative actions. The vulnerabilities were addressed in advisory VMSA-2026-0004, published June 8, 2026. No workarounds are available, making patching essential.

Source

Broadcom Discloses Three Stored XSS Vulnerabilities in VMware Cloud Foundation Operations (cybersecuritynews.com)

Key quotes

Broadcom has disclosed three stored cross-site scripting (XSS) vulnerabilities affecting VMware Cloud Foundation Operations and several related products
authenticated attackers could inject malicious scripts to perform administrative actions within the environment
Each vulnerability carries a CVSSv3 base score of 8.0, placing the issues in the 'Important' severity range
No workarounds are available, making patching the on
Snippet from the RSS feed
Broadcom has disclosed three stored cross-site scripting (XSS) vulnerabilities affecting VMware Cloud Foundation Operations and several related products, warning that authenticated attackers could inject malicious scripts to perform administrative actions
